The Australian Securities and Investment Commission (ASIC) has warned small and micro businesses to be alert for payment redirection scams, which have caused some of the highest losses to businesses in 2021, to the tune of $13.4 million reported. In fact the true figure is likely much higher, as an estimated one-third of scam victims do not report their loss.
These scams typically involve scammers impersonating legitimate businesses or their employees and redirecting upcoming payments to a fraudulent bank account. The most common contact method reported was phone or text message, and bank transfers were the most common payment method.
In some cases, the scam may involve the actual hacking of legitimate business email accounts to send scam emails. Other methods include intercepting legitimate invoices and amending bank details before releasing the email to the unsuspecting business customer, or registering email addresses that are very similar to ones from a legitimate business.
TIP: Take immediate action if you or your business inadvertently fall prey to a scam. Start by contacting your financial institution to see if anything can be done to recover the money, and then report the scam to either Scamwatch or the Australian Cyber Security Centre.
Businesses should also beware of falling victim to a follow-up money recovery scam, where victims of previous scams are contacted with the promise of recovering lost money for an up-front payment and/or retrieving detailed personal information.
These money recovery scammers often pose as trusted organisations such as a law firm, the fraud taskforce or a government agency. Some more sophisticated scams will have official-looking websites with fake testimonials.